I am using the Azure AD B2C service for authentication. I have a use case where the user authentication has to be done in a non-interactive / headless manner.
I need to send the username and password to AD B2C using Graph API to validate the user and get the id token and access token.
In the AD B2C documentation under limitations, it says the above-mentioned use case is not supported; instead, the use case can be achieved using the client credentials flow.
But I have tried using the resource owner password credentials flow to achieve this use case. It is working for me.
Is this approach advisable to achieve the non-interactive / headless authentication user flow?
Update:
I have a Web API protected using AD B2C; those APIs are consumed from a Web Application and also from an external application (can be a Desktop application, another Web API).
For the web application, we can use the interactive AD B2C sign-in flow for the authentication.
For the external application (can be a Desktop application, another Web API), we need to authenticate in a non-interactive / headless manner. For this, can we use the ROPC flow?